php mysql entering data in database - does not post to db

[tylrwb]

I am having a little problem with my php page I have a simple area to icert data - only it does not incert the data. I have not encountered this before. I cannot see anything wrong with it but, maybe someone else can. connection to the database is already made at this point at the top of my page. It does connect and the date is entered but nothing else?

Here is the code:

 

<?php

if (isset($_REQUEST['Submit']))

{

$date = date("Y-m-d");

$sql = "INSERT INTO ads(heading, body, date, author_name, author_email, link) VALUES('$heading', '$body', '$date', '$author_name', '$author_email', '$link')";

if($result = mysql_query($sql ,$db))

{

echo "Thank you, Your information has been entered into our database";

}

else

{

echo "ERROR: ".mysql_error();

}

 

}

else

{

 

?>

<p><h3>Enter your ad into the database</h3>

<form  method="post" action="test4.php">

Name:     <input type="text" size="20" name="author_name"><p>

Email:      <input type="text" size="20" name="author_email"><p>

Heading:  <input type="text" size="20" name="heading"><p>

Description:<br>

<textarea cols=40 rows=10 name="body" wrap="virtual">

</textarea><p>

Full Link:  <input type="text" size="50" name="link"><p>

<input type="submit" name="Submit" value="Submit Ad!">

</form>

<?php

}

?>

 

thanks for everyone's help!

[peranha]

Where are you assigning the heading, body, date, author_name, author_email, and link to the variables in the form, or is it up farther with the databse.  Are you getting any errors on screen or in you log file?

[tylrwb]

no errors on screen

top looks like this:

$db = mysql_connect($hostname, $db_user, $db_password);

mysql_select_db($db_name,$db);

 

login info is above this

[peranha]

Where are you doing something like this

 

$date = date("Y-m-d");

 

for all the fields that are filled in.  They all have to be like this

 

$heading = $_POST(heading);

 

and so on

[tylrwb]

I kinda thought somthing like that but I am REQUESTING not POST

 

I get this

 

Fatal error: Function name must be a string in /home/srppur3/public_html/srp-design/test4.php on line 121

 

I entered this:

 

$heading = $_POST(heading);

[peranha]

$heading = mysql_real_escape_string(strip_tags($_REQUEST['heading']));

 

This is what I use for added security, Sorry, I overread the Request part.

 

All your variables have to be set if you are going to put them in the database.

 

[tylrwb]

I was playing with the other code and this works:

$heading = $_POST[heading];

 

I changed the brackets on heading to [ ]

 

do you think I should use what you wrote to be more secure!

[peranha]

It will help with SQL injection.  the striptags will take out all tags as far as links in database, font tags, etc.

[tylrwb]

Ok every thing is working fine now! I have another question if possable.

this page is on my web site - and they have to pay to fill that out.

How would you go about making it so the page cannot be accessed directly?

They will not be a member or anything and i dont want them to be.

Basically they go to a paypal page first and after payment they get to fill in the info.

But you can access the page directly if you know the address..

 

Thanks Again